TRENDING

IPv6 security from edge to core

By Brad Grimes

Jun 22, 2006

NFR Sentivist

Simply breathe the term 'IPv6' and Andre Yee perks up like a kid in a candy store. The CEO of Rockville, Md.-based NFR Security Inc. sounds like he expected large-scale migration to the new Internet protocols to begin years ago.

'We've supported IPv6 inherently in our products since 2003. We wish this move to IPv6 had taken hold earlier,' Yee said.

With government agencies under orders to start running IPv6 by June 2008, Yee said NFR Security is starting to see an uptick of interest in its Sentivist intrusion prevention systems, which were designed for IPv6-based networks. In response to IPv6 and other requirements, Yee told GCN this month that the company would begin shipping the Sentivist Smart Sensor 20 and Smart Sensor 50 to help agencies protect remote or branch offices. 'We'd been getting requests for this technology but hadn't gotten to it because we were focused on bandwidth requirements at the core,' Yee said.

The new Sentivist Smart Sensor products include the same IPS protection as the company's enterprise systems, which scale up to 10 gigabits per second. Smart Sensors employ multiple detection and analysis techniques including vulnerability and exploit signatures, anomaly detection, protocol analysis, stateful and deep packet inspection, application fingerprinting and more. But the Smart Sensor 20 and 50 models operate at 20Mbps and 50Mbps. Pricing starts at $3,000.

Yee said it was important to offer customers an IPv6-capable security solution from the edge to the core. Intrusion detection/prevention is one of the network components the CIO Council singled out as being impacted by IPv6 in its latest transition guidance.

'We have an opportunity to think about security as we build this new infrastructure,' Yee said. 'If you buy a tool now without taking into account IPv6, you may find yourself exposed while your vendor tries to catch up.'